Canton DeFi

Appearance

2.3 Compliance and Auditability Framework

Canton's architecture provides an immutable record of policy decisions. The synchronized ledgers ensure that all role-based actions, policy contract definitions, and approval quorums are recorded atomically and privately.

This mechanism forms the foundation of compliance-ready audit logs.

Immutable Audit Trail

What Gets Recorded

Every action on the Canton ledger is immutably recorded:

Action TypeData CapturedVisibility
Policy CreationRules, constraints, approversController, Risk Officer
Policy UpdatesChanges, effective time, updaterController, Risk Officer, Regulators
ProposalsFull allocations, proposer, timestampProposer, Approvers
ApprovalsApprover identity, timestamp, signatureProposer, All Approvers
Intent GenerationNonce, actions, deadline, issuerPolicy Issuer, Regulators
Execution ResultsSuccess/failure, gas, slippageAll stakeholders

Cryptographic Guarantees

  • Non-repudiation: All actions cryptographically signed
  • Tamper-proof: Blockchain-based immutability
  • Time-stamped: Precise temporal ordering
  • Causally linked: Full transaction dependency graph

Supervisory Node Concept

Daml's design facilitates streamlined regulatory oversight through the supervisory node pattern.

How It Works 

┌──────────────────────────────────────┐
│         Canton Network               │
│                                      │
│  ┌────────────────────────────────┐ │
│  │    Vault Operator Node         │ │
│  │  • Creates policies            │ │
│  │  • Proposes rebalances         │ │
│  │  • Generates intents           │ │
│  └────────────┬───────────────────┘ │
│               │                      │
│               │ Observable           │
│               │                      │
│  ┌────────────▼───────────────────┐ │
│  │   Regulator Supervisory Node  │ │
│  │  • Read-only observer          │ │
│  │  • Real-time visibility        │ │
│  │  • No execution authority      │ │
│  └────────────────────────────────┘ │
└──────────────────────────────────────┘

Implementation

Regulators can be provisioned as permanent Observer Parties on critical contract templates:

daml
template VaultPolicy
  with
    controller: Party
    riskOfficer: Party
    regulator: Party  -- Supervisory party
    -- ... other fields
  where
    signatory controller
    observer riskOfficer, regulator  -- Regulator has read access

Benefits

  1. Real-time Transparency

    • Continuous visibility into all operations
    • No need for periodic data requests
    • Instant access to policy decisions

  2. Commercial Privacy

    • Strategy details remain private
    • Client positions not exposed
    • Need-to-know visibility enforced

  3. Compliance Proof

    • Immutable evidence of policy compliance
    • Complete audit trail on demand
    • Cryptographic verification of all actions

  4. Reduced Burden

    • Automated compliance reporting
    • No manual data collection
    • Standardized reporting format

Audit Report Generation

Example: Compliance Report Query

daml
-- Query all rebalance proposals in a time period
getComplianceReport : Time -> Time -> Update [RebalanceProposal]
getComplianceReport startTime endTime = do
  proposals <- query @RebalanceProposal
  return $ filter (\p ->
    p.createdAt >= startTime &&
    p.createdAt <= endTime
  ) proposals

-- Verify all proposals met quorum requirements
verifyQuorumCompliance : [RebalanceProposal] -> Bool
verifyQuorumCompliance proposals =
  all (\p -> length p.approvals >= p.quorumRequired) proposals

Automated Alerts

Configure real-time alerts for compliance events:

  • Policy violations (attempted but blocked)
  • Approval timeouts
  • Emergency operations
  • Threshold breaches
  • Unusual transaction patterns

Privacy Model

Canton's need-to-know privacy model ensures data minimization:

Stakeholder Views

PartyVaultPolicyRebalanceProposalExecutionIntent
ControllerFull access (signatory)Create & viewIssue & sign
OperatorRead-onlyCreate (signatory)View
ApproverRead-onlyApprove (controller)View
Risk OfficerRead-only (observer)ViewView
RegulatorRead-only (observer)Read-only (observer)Read-only (observer)
PublicNo accessNo accessMinimal (intent only)

Data Classification

Data Minimization Principle

Only the minimum necessary data leaves the Canton domain. Sensitive strategy details, risk models, and internal discussions remain completely private.

Private (Canton Only):

  • Strategy algorithms
  • Risk scores and models
  • Internal approval discussions
  • Oracle feed details
  • Policy reasoning

Public (On-Chain):

  • Vault address
  • Transaction nonce
  • Action list (protocol, operation, params)
  • Deadline
  • Cryptographic signature

Regulatory Frameworks Supported

This architecture facilitates compliance with various regulatory frameworks:

GDPR (General Data Protection Regulation)

  • Data minimization by design
  • Right to access (via observer status)
  • Privacy-preserving computation
  • Immutable audit trails

MiFID II (Markets in Financial Instruments Directive)

  • Transaction reporting
  • Best execution evidence
  • Audit trail requirements
  • Governance records

SOC 2 (Service Organization Control)

  • Access control logging
  • Change management records
  • Operational logs
  • Security event tracking

Basel III / Capital Requirements

  • Risk exposure monitoring
  • Real-time reporting
  • Stress test capability
  • Capital calculation inputs

Forensic Auditing

Post-Incident Investigation

Complete transaction traceability enables forensic analysis:

  1. Identify Intent: Find the public chain transaction
  2. Trace to Canton: Match transaction hash to ExecutionIntent
  3. Review Proposal: Access the RebalanceProposal (if Flow B)
  4. Check Policy: Verify policy constraints at execution time
  5. Verify Approvals: Confirm all required signatures
  6. Review Inputs: Examine oracle feeds and market data

Example Investigation Query

daml
-- Trace a public transaction back to its origin
investigateTransaction : Text -> Update InvestigationReport
investigateTransaction txHash = do
  -- Find the ExecutionIntent
  intent <- queryContractId @ExecutionIntent (lookupByTxHash txHash)

  -- Find the source proposal (if any)
  proposal <- queryContractId @RebalanceProposal intent.sourceProposal

  -- Get the policy in effect
  policy <- fetch intent.policyId

  return InvestigationReport with
    intent
    proposal
    policy
    allApprovals = proposal.approvals
    timestamp = intent.createdAt
    compliant = verifyCompliance intent policy

Best Practices

For Operators

  1. Maintain clear policy documentation
  2. Regular policy reviews and updates
  3. Document rationale for discretionary proposals
  4. Monitor automated rebalance results

For Risk Officers

  1. Set up real-time alert monitoring
  2. Regular policy effectiveness reviews
  3. Periodic compliance report generation
  4. Escalation procedures for violations

For Regulators

  1. Define observer party requirements upfront
  2. Establish data access protocols
  3. Create standardized report templates
  4. Regular coordination with institutions

For Auditors

  1. Understand Canton's privacy model
  2. Leverage cryptographic verification
  3. Validate quorum logic in code
  4. Test supervisory node access

Canton DeFi - Multichain DeFi Technical Reference

Copyright © 2024